UID for running user is not 0-checkpoint-all

Vendor: checkpoint

OS: all

Description:
It is critical to make sure the running user’s UID is 0 so that they have root access. Without root access, interrogation and some commands might fail to execute correctly.

Remediation Steps:
Remove the user configured for this device and re-add this device with a user with UID 0. To find out the UID value for a particular user, run ‘id [username]’ on the terminal of the device.

How does this work?
Run the “id” command to find the UID value of the user.

Why is this important?
A lot of Check Point commands require the user to have root access (UID 0) in order to be executed successfully. During interrogation, a script might fail to recognize the device, because interrogation was not run with a user with root access. This might cause a device to be tagged incorrectly.

Without Indeni how would you find this?
An administrator could log in and manually run the “id” command to find the UID of the current user.

chkp-id

name: chkp-id
description: Fetch UID value for the user
type: monitoring
monitoring_interval: 5 minutes
requires:
    vendor: checkpoint
    linux-based: 'true'
comments:
    user-id:
        why: "A lot of Check Point commands require the user to have root access (UID\
            \ 0) in order to be executed successfully. \nDuring interrogation, a script\
            \ might fail to recognize the device, because interrogation was not run\
            \ with a user with root\naccess. This might cause a device to be tagged\
            \ incorrectly.\n"
        how: |
            Run the "id" command to find the UID value of the user.
        without-indeni: |
            An administrator could log in and manually run the "id" command to find the UID of the current user.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        file: chkp-id.remote.1.bash
    parse:
        type: AWK
        file: chkp-id.parser.1.awk
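
The `chkp-id.remote.1.bash` and `chkp-id.parser.1.awk` files referenced above are not shown on this page. The following is an added example, not Indeni's own script, of the same idea: extract the numeric UID from `id` output and apply the rule's condition (alert when the value is not "0"). The function names `parse_uid` and `check_uid` are hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: function names and sample lines are hypothetical/constructed.

# parse_uid: read `id` output on stdin and print the numeric UID.
# Exits non-zero when no uid=<digits> field exists (e.g. the command failed).
parse_uid() {
    awk '
        {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^uid=[0-9]+/) {
                    v = $i
                    sub(/^uid=/, "", v)        # drop the key
                    sub(/[^0-9].*$/, "", v)    # drop the "(name)" suffix
                    print v
                    found = 1
                    exit                       # jumps to END
                }
            }
        }
        END { exit(found ? 0 : 1) }
    '
}

# check_uid: apply the rule condition (alert when the value is not "0").
# Prints ok / alert uid=<n> / unknown; returns 0 / 1 / 2 respectively.
check_uid() {
    uid=$(printf '%s\n' "$1" | parse_uid) || { echo "unknown"; return 2; }
    if [ "$uid" = "0" ]; then
        echo "ok"
    else
        echo "alert uid=$uid"
        return 1
    fi
}

# Constructed samples. The numeric UID decides, not the account name.
for sample in \
    'uid=0(admin) gid=0(root) groups=0(root)' \
    'uid=1001(monitor) gid=100(users) groups=100(users)' \
    'uid=1002(root) gid=100(users) groups=100(users)' \
    'command failed'
do
    printf '%-52s -> %s\n' "$sample" "$(check_uid "$sample")"
done
# On a device: check_uid "$(id)"  or  check_uid "$(id some_user)"
```

An unparseable result is reported as "unknown" rather than as a non-zero UID, so a failed command is not mistaken for a privilege finding.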

CheckPointUidNotZeroRule

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package templatebased.checkpoint

import com.indeni.ruleengine.expressions.conditions.{Equals => RuleEquals, Not => RuleNot}
import com.indeni.ruleengine.expressions.data.SnapshotExpression
import com.indeni.server.rules.library.templates.SingleSnapshotValueCheckTemplateRule
import com.indeni.server.rules.library.RuleHelper

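/**
  * Alerts when the most recent "user-id" snapshot value (the UID of the user
  * running commands on the device) is not "0".
  */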
case class CheckPointUidNotZeroRule() extends SingleSnapshotValueCheckTemplateRule(
  ruleName = "CheckPointUidNotZeroRule",
  ruleFriendlyName = "Check Point Devices: UID for running user is not 0",
  ruleDescription = "It is critical to make sure running user's UID is 0 so they have root access. Without root access, interrogation and some commands might fail to execute correctly.",
  metricName = "user-id",
  alertDescription = "UID 0 represents root access privilege on this device. The user used to run the commands on this device does not have UID 0 access. This will prevent some commands from operating correctly which might cause missing metrics and tags",
  baseRemediationText = "Remove the user configured for this device and re-add this device with a user with UID 0. To find out the UID value for a particular user, run 'id [username]' on the terminal of the device.",
  complexCondition = RuleNot(RuleEquals(RuleHelper.createComplexStringConstantExpression("0"), SnapshotExpression("user-id").asSingle().mostRecent().value().noneable))
)()